[Openstack] Challenges faced with Openstack keystone v3 API

Devendra Gupta dev29aug at gmail.com
Tue Apr 1 02:38:51 UTC 2014


Thank you, Tang and Joe, for your inputs. I'll give it a try in my Havana
setup.

Tang, I guess the solution you provided is not yet released in Havana. I
mean to say that if someone has the latest released version of OpenStack
Havana set up, then by default he doesn't have Identity v3 compatibility for
nova in his environment.

Regards,
Devendra


On Tue, Apr 1, 2014 at 7:47 AM, Yaguang Tang <heut2008 at gmail.com> wrote:

> So far, not all python-*client are ready for keystone v3, but if you want
> to try to do some testing, the correct procedure is:
>
> 1. Add or modify keystone identity service endpoints to v3, e.g.
>    http://localhost:5000/v3
> 2. Change all openstack services' auth_token middleware to use v3
>    authentication, e.g. add auth_version=3.0 in nova.conf under the
>    [keystone_authtoken] section or in the api-paste.ini file.
> 3. You need the two python-novaclient patches
>    https://review.openstack.org/#/c/82149/ ,
>    https://review.openstack.org/#/c/81749/.
> 4. export OS_IDENTITY_API_VERSION=3
>    export OS_AUTH_URL=http://127.0.0.1:5000/v3
>
> Then you should be able to use a v3 token to do authentication; run nova
> --debug list and check the result.
>
> 2014-04-01 0:47 GMT+08:00 Joe Gordon <joe.gordon0 at gmail.com>:
>
>> On Mon, Mar 31, 2014 at 2:39 AM, Devendra Gupta <dev29aug at gmail.com> wrote:
>>
>>> Hi,
>>> We have been doing analysis around the keystone v3 API for authenticating
>>> with OpenStack components in the Havana release, but while doing so we are
>>> facing some issues with authentication using the keystone v3 API.
>>>
>>> Below is the list of components that we are using, along with versions:
>>> *Compute : v2*
>>> *Identity : v2.0 & v3*
>>> *Network : v2*
>>> *Image : v2*
>>>
>>>
>>> Following are the concerns that we have:
>>>
>>> 1. After getting an authentication token using the API */v3/auth/tokens* and
>>> supplying userid, password along with project scope, when we try to hit
>>> Compute's API
>>> *v2/58d73fe0ec9c44e7a2127bf8abd60dc2/os-networks* we are getting
>>> *Internal server error occured : code 500.*
>>>
>>
>>
>> Nova doesn't support keystone v3 yet.
>>
>>
>>
>>>
>>> Moreover, even if we try to hit other components like Neutron, we have
>>> similar issues. However, when we hit the same API call with a keystone v2.0
>>> generated auth token, we are able to get results as desired.
>>>
>>> Since keystone is by default enabled to use v3 and v2.0, the tokens
>>> generated by v3 should be able to authenticate for other components like
>>> nova, neutron, glance, which is not happening as of now.
>>>
>>> So is it a configuration issue, or is the keystone v3 version not yet
>>> supported by other components?
>>>
>>> 2. Can there be a scenario where keystone will be set up with v3 only
>>> instead of both v2.0 and v3?
>>>
>>> Please provide inputs on the above.
>>>
>>> Regards,
>>> Devendra Gupta
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>
>
>
> --
> Tang Yaguang
>
> Canonical Ltd. | www.ubuntu.com | www.canonical.com
> Mobile:  +86 152 1094 6968
> gpg key: 0x187F664F
>
>
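
Added example, not part of the original thread and not OpenStack's own code: a Python check of steps 1, 2 and 4 of the procedure quoted above, plus the project-scoped password body for POST /v3/auth/tokens. The function names and the sample nova.conf, environment and endpoint values are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse


def _is_v3(url):
    """True when the URL path is exactly /v3 (trailing slash allowed)."""
    return urlparse(url).path.rstrip("/") == "/v3"


def check_v3_setup(nova_conf_text, env, identity_endpoints):
    """Return a list of problems against steps 1, 2 and 4 of the procedure."""
    # Step 3 (the python-novaclient patches) cannot be checked from config.
    problems = []
    # Step 1: identity endpoints registered in the catalog should be /v3.
    for url in identity_endpoints:
        if not _is_v3(url):
            problems.append("identity endpoint is not v3: " + url)
    # Step 2: auth_version under [keystone_authtoken] in nova.conf.
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(nova_conf_text)
    version = cfg.get("keystone_authtoken", "auth_version", fallback=None)
    if version is None:
        problems.append("[keystone_authtoken] auth_version is not set")
    elif not version.strip().lstrip("v").startswith("3"):
        problems.append("auth_version is " + version + ", expected 3.0")
    # Step 4: client environment variables.
    if env.get("OS_IDENTITY_API_VERSION") != "3":
        problems.append("OS_IDENTITY_API_VERSION is not 3")
    if not _is_v3(env.get("OS_AUTH_URL", "")):
        problems.append("OS_AUTH_URL does not end in /v3")
    return problems


def v3_password_auth_body(user_id, password, project_id):
    """Project-scoped password body for POST /v3/auth/tokens."""
    # The issued token comes back in the X-Subject-Token response header.
    user = {"id": user_id, "password": password}
    return {"auth": {
        "identity": {"methods": ["password"], "password": {"user": user}},
        "scope": {"project": {"id": project_id}},
    }}


# Constructed sample inputs (not taken from the thread).
SAMPLE_NOVA_CONF = "[DEFAULT]\ndebug = False\n\n[keystone_authtoken]\nauth_version = v2.0\n"
SAMPLE_ENV = {"OS_AUTH_URL": "http://127.0.0.1:5000/v2.0"}

if __name__ == "__main__":
    for p in check_v3_setup(SAMPLE_NOVA_CONF, SAMPLE_ENV, ["http://localhost:5000/v2.0"]):
        print("FAIL:", p)
```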